Just 5 hours after the official release of the latest refresh of Mozilla's flagship browser, an unnamed researcher has sold a critical code execution vulnerability that puts all Firefox 3.0 users at risk of PC takeover attacks.
According to a note from TippingPoint's Zero Day Initiative (ZDI), a company that buys exclusive rights to software vulnerability data, the Firefox 3.0 bug also affects earlier versions of Firefox 2.0x.
Technical details are being kept under wraps until Mozilla's security team ships a patch.
According to ZDI's alert, it should be considered a high-severity risk:
"Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code, permitting the attacker to completely take over the vulnerable process, potentially allowing the machine running the process to be completely controlled by the attacker".